The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between July 2018 and September 2018. We also modified some older entries to reflect the latest developments.

A significant number of changes to the tracker were a result of a mix of public attribution, criminal charges, and sanctions leveled by the United States and its allies as part of an effort to impose consequences against states they view as reckless in cyberspace.

Congratulations to Panama and Saudi Arabia, which have been added to the tracker for their suspected state-sponsored operations against dissident groups using the Pegaus tool from the NSO Group.

A detailed log of the added and modified entries follow. If you know of any state-sponsored cyber incidents that should be included, you can submit them to us here.

Edits to Old Entries

APT 28. Added that the United Kingdom and United States associate this threat actor with Russian military intelligence (GRU), and noted its suspected responsibility for a number of newly reported incidents. Turla. Added that it is believed to have been responsible for the compromise of the German and Finnish foreign ministries.Compromise of the World Anti-Doping Agency. Added a reference to Swiss authorities investigating Russia's suspected involvement, and the attribution statements from Australia, Canada, New Zealand, the United Kingdom, and the United States. Compromise of Sony Pictures Entertainment. Added a reference to the U.S. Department of Justice criminal complaint against North Korean actors responsible for this incident. SWIFT-related bank heists. Added a reference to the U.S. Department of Justice criminal complaint against North Korean actors responsible for this incident. WannaCry. Added a reference to the U.S. Department of Justice criminal complaint against North Korean actors responsible for this incident. Lazarus Group. Added a reference to the U.S. Department of Justice criminal complaint against North Korean actors believed to be behind this threat actor. APT 10. Added a reference that this threat actor is believed to be part of the Tianjin bureau of the Chinese Ministry of State Security. TempTick. Added a reference that this threat actor is known for compromising USB sticks used to transfer data to air-gapped networks. Compromise of the International Association of Athletics Federations. Added a reference to U.S. authorities attributing this incident to Russian military intelligence. Black Energy. Added that the UK government attributed this incident to Russian military intelligence (GRU).Compromise of the Democratic National Committee. Added that the UK government attributed this incident to Russian military intelligence (GRU).